Inactive Live Security Platinum

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 25-07-2012 01
Ran by SYSTEM at 2012-08-04 14:47:43 Run:1
Running from E:\Virus Removal
==============================================
SAM hive was successfully restored from Restore Point.
SECURITY hive was successfully restored from Restore Point.
Software hive was successfully restored from Restore Point.
System hive was successfully restored from Restore Point.
Default hive was successfully restored from Restore Point.
==== End of Fixlog ====
 
Based on how things seem to be going, do you think we can restore the computer to its pre-virus state? I have considered reinstalling the OS, but only if you think the work to get it back may be too rough or time-consuming. You helped me fix my computer a few years ago, and I was excited you are helping me again; but I also don't want to waste your time if you think my computer is beyond fixing at this point.
 
WARNING!
Proceed with extreme caution!
Deleting the wrong partition will result in your computer being unusable.
If you have any doubts, ask.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Download GETxPUD.exe to the desktop of your clean computer

  • Double click on GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and upon finishing will open BurnCDCC ready to burn the image.
  • Insert blank CD into your CD drive.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Boot the bad computer from the CD
  • Click Menu then Terminal Emulator
  • Type parted /dev/sda set 1 boot on
  • Press Enter
  • Type parted /dev/sda rm 2
  • Press Enter
  • Remove xPUD CD, see if you can boot normally.
 
Same result as in post #22

I made it to the Welcome to xPUD screen, then it went to a DOS screen with a good number of problems such as "unable to connect to X server" and "Server error". At the bottom of the screen is a prompt

sh-4.0#
This is as far as it gets.
 
If you think reinstalling Windows is not a big deal it may be the idea at this point.
 
It's not my first choice, naturally, but if you think we have a long road to get the computer back and not even sure if it's recoverable, reinstallation would definitely save time. What is your prognosis on time required to get computer back or if you think we can get it back? I really appreciate your time thus far and trust in your opinion.
 
I don't even know if it's possible.

Besides being infected with the ZeroAccess rootkit, you also have an infected fake partition, which is set to "Active".
That's the reason for the "NTLDR is missing" error, since the computer boots to a non-bootable partition.

We can try one more option.

1. Insert your Windows XP CD into your CD drive and ensure that your CD-ROM drive is capable of booting the CD.
2. Once you have booted from CD, do NOT select the option that states: Press F2 to initiate the Automated System Recovery (ASR) tool.
You’re going to proceed until you see the following screen, at which point you will press the “R” key to enter the recovery console:

[image: xp_src_welcome.gif]


3. After you have selected the appropriate option from step two, you will be prompted to select a valid Windows installation (typically number 1).
Select the installation number, and hit Enter.
If there is an administrator password for the administrator account, enter it and hit Enter (if asked for the password, and you don't know it, you're out of luck).
You will be greeted with this screen, which indicates a recovery console at the ready:

[image: xp_src_console.gif]


At the above prompt type:
DISKPART
Press Enter.

Let me know when you get there.
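To make the diagnosis above concrete (a tiny non-Windows partition carrying the active/boot flag, so the BIOS hands control to something other than the Windows boot sector), here is an added Python example that is not part of this thread. It parses a constructed 512-byte MBR modelled on the disk layout reported later in the thread, flags a suspicious active partition, and shows what moving the boot flag back to partition 1 looks like on the raw bytes; the PART_TYPES table and the 64 MB "tiny" threshold are assumptions.

```python
import struct

# Common MBR partition type codes (assumed subset, for readable output)
PART_TYPES = {0x07: "NTFS/HPFS", 0x0A: "OS/2 Boot Manager",
              0x0B: "FAT32", 0x0C: "FAT32 LBA", 0x83: "Linux"}
TABLE_OFFSET = 446  # partition table starts after the 446-byte boot code


def parse_mbr(mbr: bytes):
    """Return the non-empty entries of a 512-byte MBR partition table."""
    if len(mbr) != 512 or mbr[510:512] != b"\x55\xAA":
        raise ValueError("not a valid MBR (bad length or missing 0x55AA signature)")
    parts = []
    for i in range(4):
        entry = mbr[TABLE_OFFSET + 16 * i: TABLE_OFFSET + 16 * (i + 1)]
        # status(1) CHS-start(3, skipped) type(1) CHS-end(3, skipped) LBA-start(4) sectors(4)
        status, ptype, lba_start, sectors = struct.unpack("<B3xB3xII", entry)
        if ptype == 0:
            continue  # empty slot
        parts.append({"index": i + 1, "active": status == 0x80, "type": ptype,
                      "type_name": PART_TYPES.get(ptype, "unknown"),
                      "lba_start": lba_start, "size_mb": sectors * 512 // (1024 * 1024)})
    return parts


def suspicious_active(parts, max_mb=64):
    """Active partitions that are tiny and not a Windows filesystem type."""
    return [p for p in parts if p["active"] and p["size_mb"] <= max_mb
            and p["type"] not in (0x07, 0x0B, 0x0C)]


def set_active(mbr: bytes, index: int) -> bytes:
    """Return a copy of the MBR with only partition `index` (1-4) flagged active."""
    buf = bytearray(mbr)
    for i in range(4):
        buf[TABLE_OFFSET + 16 * i] = 0x80 if i + 1 == index else 0x00
    return bytes(buf)


def make_entry(active, ptype, lba_start, sectors):
    return struct.pack("<B3sB3sII", 0x80 if active else 0, b"\0\0\0",
                       ptype, b"\0\0\0", lba_start, sectors)


# Constructed sample: 476930 MB NTFS partition, then a 10 MB "OS/2 Boot Manager"
# partition that carries the active flag (1 MB = 2048 sectors of 512 bytes).
SAMPLE_MBR = (b"\0" * TABLE_OFFSET
              + make_entry(False, 0x07, 63, 476930 * 2048)
              + make_entry(True, 0x0A, 63 + 476930 * 2048, 10 * 2048)
              + b"\0" * 32 + b"\x55\xAA")
```

On a real machine the same table would come from the first sector of the disk; this example only inspects bytes in memory.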
 
Type:
LIST DISK
Press Enter.

Let me know what you see on your screen and which disk has a "*" in front of it.
 
When I typed DISKPART, there is no prompt to type LIST DISK. Instead, I must choose which partition to delete. The choices are:

476938 MB Disk 0 at Id 0 on bus 0 on atapi [MBR]
C: Partition1 [NTFS] 476930 MB (380424 MB free)
F: Partition2 (Inactive (OS/2 Boot Man 10 MB (10 MB free)

78529 MB Disk 0 at Id 0 on bus 0 on atapi [MBR]
D: Partition1 (Lil Buddy) [NTFS] 78521 MB (78453 MB free)
Unpartitioned space 8 MB

None have an "*" in front of them
 
Yes, both are listed as Disk 0 - I'm pretty sure that the 78529 MB is from our printer - I remember naming it "Lil Buddy". I'm not sure why it is there when I installed the printer, but it is.
 
Type:
LIST PARTITION
Press Enter.

Let me know what you see on your screen and which partition has a "*" in front of it.
 
There is no prompt for me to type anything; for a highlighted partition, my choices are ESC = Cancel and D = Delete Partition.
If I press ESC, then I get back to a DOS prompt. But it doesn't recognize LIST PARTITION or LIST DISK.
 
You're doing something wrong.

When you typed DISKPART did you press Enter?
If so you should be back to command prompt.

Type DISKPART again and press Enter.
Are you back at command prompt?
 
Hmm...I typed DISKPART at the initial command prompt. Then I had to press Enter for it to realize I was done typing. Then it went to the partition screen I described in my last post. Not sure how I could be doing something wrong. I redid all the steps with the same result, so not sure how to proceed. I have to go for tonight - thank you again for all of your help.
 
It looks like nothing wants to cooperate.

At this point I really don't see any other option but to reinstall Windows.
 
I understand - thank you very much for your help - I really appreciate it. I will start on that today.